The Green Sheet Online Edition

January 23, 2012 • Issue 12:01:02

FBI warns banks of new cyber threat

A new year brought a new Internet security threat with it, according to recent FBI warnings. The new threat is a phishing scheme dubbed "Gameover" that attempts to get people, often in financial institutions, to open fake emails purportedly from NACHA - the Electronic Payments Association. Once an email is opened and a link in the message is clicked, malicious software embedded in the website the link points to infects the recipient's computer and gives criminals access to the recipient's bank accounts.

The virus

The FBI said Gameover is a virulent improvement on the more familiar Zeus malware that was created several years ago and targeted at banks. The Gameover phony emails tell the recipient, often a banking executive identified through social networking channels such as LinkedIn, that NACHA has found a problem with a bank account or an automated clearing house (ACH) transaction. The message contains a link that supposedly leads to a solution for the problem; the link instead leads to a bogus website where the Gameover malware is downloaded and begins accessing banking information from the computer it has infected.

It may seem natural to some banking officials to open electronic mail purportedly from NACHA because the association is in charge of developing, administering and governing the important ACH network.

When thieves gain entry to a financial institution, they typically launch a distributed denial of service (DDoS) attack through which a legion of computers suddenly floods the bank's server with traffic that prevents legitimate users from accessing the site. Under the cloak of the DDoS attack, the criminals begin transferring money from accounts.

The FBI believes the DDoS draws attention away from the money transfers and makes it impossible to reverse the transactions. Worse, the agency believes the malware has the ability to defeat several kinds of dual-factor authentication.

The scam

The FBI said in some instances the thieves are transferring the funds to jewelry stores to pay for gems, which their agents pick up and deliver back to them for conversion to cash. Often the agents who pick up the jewels, called "money mules" by law enforcement, are not aware of the criminal activity they are participating in, the FBI said. They are frequently people who work out of their homes who applied for a seemingly legitimate job through the Internet. Other victims include the merchant jewelers who, when schemes are discovered and the transactions with the jewelers are reversed or canceled, are forced to absorb the loss of the jewels, the FBI noted.

NACHA response

In a statement issued late in 2011, NACHA said it is requesting "financial institutions, billers/merchants, and payment providers ensure that their front-line staff - those who interact with customers - understand the sustained and evolving nature of these attacks."

NACHA said the phony emails often claim to be from actual NACHA employees or departments and often include a counterfeit NACHA logo along with NACHA's mailing address and phone number. "NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions," the association stated. "NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive."

NACHA stated it is not the only organization criminals are using as a phony front for their thefts. The association said similar phishing attacks are occurring using bogus emails supposedly sent by the Federal Reserve Bank, the Internal Revenue Service, other federal agencies, commercial financial institutions, payment organizations, technology companies and other businesses.

NACHA urged people who suspect they have received an improper email purporting to be from NACHA to forward the message to abuse@nacha.org to help in the capture and prosecution of the thieves.
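The indicators described above can be turned into a simple mail-triage check. The following is an added example, not code from the article, NACHA or the FBI: it flags any message that presents itself as NACHA and either comes from another domain, refers to an individual ACH transaction (which NACHA says it never writes about), or links off nacha.org. The regular expressions, finding names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LEGIT_DOMAIN = "nacha.org"  # domain of the abuse@ address given in the article
# Assumed wording for a notice about one specific ACH transaction.
TXN_RE = re.compile(r"\bACH\b.{0,60}\b(transaction|transfer|payment)\b", re.I | re.S)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def body_text(msg):
    """Concatenate every text/* part, decoded to str."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw):
    """Return findings for a message that presents itself as coming from NACHA."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    if "nacha" not in (name + " " + addr + " " + text).lower():
        return []
    findings = []
    if not in_domain(addr.rpartition("@")[2], LEGIT_DOMAIN):
        findings.append("sender-domain-mismatch")
    # From: is forgeable, so this rule fires whatever the sender domain is:
    # NACHA says it never writes to anyone about an individual ACH transaction.
    if TXN_RE.search(text):
        findings.append("individual-transaction-notice")
    hosts = {urlparse(u).hostname for u in URL_RE.findall(text)}
    off = sorted(h for h in hosts if h and not in_domain(h, LEGIT_DOMAIN))
    if off:
        findings.append("off-domain-link:" + ",".join(off))
    return findings

# Constructed sample messages (not real phishing mail).
LOOKALIKE = ('From: "NACHA Payments" <alerts@nacha-notices.example>\n'
             "Subject: ACH transaction rejected\n\n"
             "Details: http://ach-report.example/view?id=1\n")
FORGED = ('From: "NACHA" <payments@nacha.org>\nSubject: Notice\n\n'
          "Your ACH transfer was cancelled. See http://reports.example/x\n")
```

A message with a forged nacha.org sender still produces findings, because the content rules do not depend on the From header.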

Security

Kevin McAleavey, a researcher and developer of the KNOS secure operating system, noted in a recent blog, "Like so many other dangerous exploits and malware, once again the target is Windows-based systems that are used for Internet access as well as business use, but Gameover goes far beyond the level of mayhem commonly found in ordinary day-to-day infections and poses a particular risk to smaller operations without their own security 'geeks' at the ready. Now that the criminals have honed their skills, they're turning to the weakest link in businesses in order to rack up their cash flows."

McAleavey and other security experts recommend conducting financial transactions on dedicated computers that are never used for navigating on the Internet, so when criminals do gain access to company computers there is no financial information to steal.


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.